Is there any easy method of gaining access to other partitions on the hdd/removable media?

Depends on how you define easy. You can click on the terminal icon (the black "screen" icon 2 places to the right from the main menu button) and enter the following command:

pmounter

This will bring up the pmount dialog and you can click to mount the partition you want. (I find this method easy but others may consider it an annoyance).

There are a couple of considerations:

- All I did was to rename pmount to pmounter so that a newbie or child could not access pmount from the menus. Just a safety precaution.

- Because "pmount" has been renamed some of the functions of the pmount dialog do not work as they originally did (eg: "Refresh" does not work). If there are any issues I simply close the pmount dialog and type "pmounter" in terminal again.

- The pmount dialog does not reflect any devices that have been plugged in after the dialog was started. Need to close the dialog and enter "pmounter" in terminal again to start a new pmount session that shows the newly added device (does not affect the status of whatever was already mounted).

- Banksy3 uses a "readonly" version of the ntfs mounter. This is a precaution to stop newbies/children from harming their Windows partition. If you need to write to an ntfs partition I have a .pet which allows you to temporarily enable/disable writing. Let me know if you need it.
.

Thanks again for testing. Much obliged good sir! (and thanks for all your posts over the years concerning modifications that disable savefile updates at shutdown time - they are what prompted my original interest in saving personalisations in a non-corruptible way. I really love running banksy knowing I never have to worry about a savefile again).

Thank you greengeek it was perfectly easy enough for me.
Was experimenting most of the day yesterday with Banksy and it certainly fits in with things I need to do.
Great stuff thanks.

What would happen if I wanted to make a further change to [my personalized?] Banksy3?

1st [and only] method I can think of...
Is to begin again by booting my CD-RW copy of the RC5 generic Banksy3...
Then do all the usual customizations...
Then make the additional customization...
And then make a new customized ISO and CD-RW.

I imagine you'll come up with something better than that.

p.s. Would Banksy3 help counteract ransomware.
Or is ransomware only used on servers?

p.s. Would Banksy3 help counteract ransomware.
Or is ransomware only used on servers?

I have had one encounter with ransomware while browsing - I received a message on screen informing me that all my drives were being encrypted and I must contact a specific website to pay for an unlock code. My blood ran cold. I was unable to move the mouse or close the browser so I held the power button for 10 seconds (hard power off). I knew this would be safe to do because there is no savefile to corrupt. None of my files were affected and none of my storage disks were locked out or encrypted.

I don't think it is possible to fully protect against all attacks - there are some very smart and well resourced (ie state backed) hackers and maybe some of them are involved in writing the Linux kernel itself. Hmmmm...

The only safe way to protect your data from ransomware encryption is to not have that storage plugged into your machine at all while browsing.

If you wish to increase your browsing security while using banksy do the following:
Open a terminal and enter the following command:

run-as-spot firefox

Firefox will run with non-root permissions and without a preset profile.

1. "None of my files were affected and none of my storage disks were locked out or encrypted."
Suggests it was perhaps not the real thing, eh?

2. "...maybe the non-savefile + non-mounted disk strategy inherent in banksy saved me."
I imagine...
a. The read-only Banksy3 optical disk made that invulnerable.
b. Do you use only external storage media?
Is the external USB HDD connected but not powered-on? [like mine?]
Does not powering-on protect such external HDD's? [I guess so]
OR...
c. Do you have 1 or more internal HDD's?
Would merely having such partitions un-mounted protect them?
Are malicious programs unable to mount partitions when running within a Puppy?

3. "I don't think it is possible to fully protect against all attacks"
See this posted reply by gjuhasz regarding his Puli, saying: "Puli can block ransomware if you are careful enough and avoid common traps", and more.

4. "If you wish to increase your browsing security while using banksy do the following:
Open a terminal and enter the following command:
run-as-spot firefox
Firefox will run with non-root permissions and without a preset profile."
Best to do that by making it as an additional personalization?
I'm ill-at-ease running as "spot".
I understand [I hope] running as root, but not sure what benefits "not-running-as-root" confers.
I've read Ransomware meets Linux – on the command line!, but understanding all of its implications is difficult for me.
I also read a table somewhere recently that showed that not running as root only protected OS files, NOT personal files.
But Banksy3 OS files are read-only anyway, hence....no need to not run as root methinks.

downloading ISO, just to see..
VMlinuz corrupted. I need downloading ISO again.

_________________
Passenger Pelo ! don't ask him to repair the aircraft. Don't use him as a demining dog .... pleeease.

Last edited by Pelo on Thu 21 Apr 2016, 04:20; edited 2 times in total

Hi Sylvander - please excuse the long reply but you have raised some very important questions and I feel it is worthwhile giving as full a reply as I can:

Quote:

1. "None of my files were affected and none of my storage disks were locked out or encrypted."
Suggests it was perhaps not the real thing, eh?

No, I don't agree. After this attack happened I googled quite a bit of info regarding encryption ransomware and I am convinced this was a real attack. I feel 100% sure that if I had been using a Windows OS my disks would have been encrypted. I think I was saved by two things:
1) Linux requires a different attack vector than Windows. Different code.
2) Not every Linux is the same. Even if this attack was in fact using Linux focused code there was enough about my system that was different that the attack did not succeed. This can come down to versions of software (eg ssh, ssl, bash, etc etc) and also to structure of the OS (eg things like passwording / permissions / disk mounting etc etc)

Quote:

I imagine...
a. The read-only Banksy3 optical disk made that invulnerable.

No. The fact that optical disk is "readonly" can only protect the integrity of the OS files that are initially loaded into RAM. It ensures that you have not absorbed malware from a previous session (unless you are using a multisession CD or DVD method). Use of optical media does not protect your personal data on HDD or usb storage from an attack that comes in via browser. The personal data on harddrive disks and usb storage are equally exposed regardless of whether the initial OS code is resident on optical media or from HDD, or in RAM. It is important to remember that the attack code is potentially downloaded direct from the internet into RAM and run from there.
However - it is also important to remember that some of these attacks require a "preparatory" attack - ie part of the code gets downloaded in one session, and the rest of the attack code is downloaded in a later session. This kind of attack can be prevented by use of non-multisession optical media (or sfs solutions as used in banksy) because the initial attack is dumped not saved - therefore rendering the second attack useless.
If you are using the internet you should have all personal data offline (physically disconnected from the PC) or else have a good backup you can rely on so that if a ransomware attack occurred you could just have a good laugh, switch your machine off, and reload your personal data from your backup.

Quote:

b. Do you use only external storage media?

No - I do have an internal HDD as well. And my banksy OS is loaded from a usb stick permanently plugged in. However I do generally keep an external backup of all the data on the internal HDD. This is good practice because every HDD is going to fail eventually anyway - it doesn't really matter whether the HDD inaccessibility is caused by ransomware or by drive hardware failure - it is inevitable that it is going to become inaccessible and all data irretrievable.

Quote:

Is the external USB HDD connected but not powered-on? [like mine?]
Does not powering-on protect such external HDD's? [I guess so]

Depends on the HDD itself. Some HDDs can be fully powered from the PC's usb bus whereas other HDDs require an external power supply as well as the usb power connection. Most HDDs will have their internal interface powered from the usb bus so there is a possibility of drive/data damage even if the external power supply is disconnected. Depends on the design of the HDD or enclosure though. If you want to be sure that the disk is protected you must disconnect the usb cable.

Quote:

c. Do you have 1 or more internal HDD's?
Would merely having such partitions un-mounted protect them?

No. Being unmounted is not sufficient. Having a disk unmounted is only a protection from some types of user error. The system can still damage HDD data via programs such as gparted or other disk formatting software (which requires an unmounted disk) and by commands such as "dd".

Quote:

Are malicious programs unable to mount partitions when running within a Puppy?

No. They are able to mount disks. Puppy by design runs as root so that means full control is offered to any person or program that is controlling the system. If your disk is plugged in it can be mounted either by yourself, or by a script that you set up, or by an ssh session, or via Teamviewer or any other remote control program, or by any malware that gets control of your commandline.

Quote:

See this posted reply by gjuhasz regarding his Puli, saying: "Puli can block ransomware if you are careful enough and avoid common traps"

I don't want to say anything against Puli as I think gjuhasz is doing a good job of allowing the user to stay alert and retain control. However - to say that any OS can "block ransomware" implies that we already understand all available forms of ransomware and clearly this is erroneous. There will always be new versions of ransomware (and destructionware) that come on stream.
American and Israeli defence forces wrote the Stuxnet virus which succeeded in damaging centrifuges in Iranian factories (see link) - there is nothing stopping them (or others) from doing similar damage inside your (or my) operating system. They are way too smart and well resourced to counteract. And of course many state funded hackers are in action now - from many nations around the globe. There are also cases of state sponsored attacks damaging the PCs of innocent people - it's not like they necessarily want our information or wish to damage our data - it may just be collateral damage. As another example Sony corporation damaged innocent people's data in their attempts to control DRM content. We have to expect threats from unknown sources.

Quote:

4. "If you wish to increase your browsing security while using banksy do the following:
Open a terminal and enter the following command:
run-as-spot firefox
Firefox will run with non-root permissions and without a preset profile."
Best to do that by making it as an additional personalization?

No - there is no point adding it as a personalisation - the ability to "run-as-spot" is already built in and it is best to type it into terminal (I can make a pet for you if you do want to have it available from the menu and want to burn it in as a personalisation. I thought of adding it as "SpotFox" into the internet menu...)

Quote:

I'm ill-at-ease running as "spot".

I am not sure what your concerns might be about this. "Spot" simply insulates the browser (or other program) from the overall power of having root permissions. It is unwise to visit risky sites if you are going to offer them "root" power. Better to have them "sandboxed" as Spot so they can not access all root powers in your OS. Run-as-spot thread here

Quote:

I understand [I hope] running as root, but not sure what benefits "not-running-as-root" confers.

Running as root gives you total power over your machine (like running Windows 98). However, it also gives everyone else who accesses your machine (your children, wife, boss, hackers etc) the same power. Running a program as Spot limits that program to accessing/controlling only that part of your machine that Spot (as a limited user) is allowed to do. I see it as increasingly important to limit browser permissions so that malware does not get root powers.
(Having said that - some malware "escalates" its own permissions and assumes root powers. Not all malware is capable of this however)

Quote:

I've read Ransomware meets Linux – on the command line!, but understanding all of its implications is difficult for me.

Again I would highlight the fact that some hackers have enormous resources (governmental) behind them to produce advanced code that can use the inbuilt functionality of Linux against the end user - so that if some Martian government saw it as worthwhile to "ransom" Sylvander's files they could definitely find a way to do so. Unless your files are disconnected from your PC!

Quote:

I also read a table somewhere recently that showed that not running as root only protected OS files, NOT personal files.

Nothing protects your personal files except encryption and/or physical removal from the machine. And even encryption won't help you if some hacker re-encrypts your files the way ransomware does.

Quote:

But Banksy3 OS files are read-only anyway, hence....no need to not run as root methinks.

Only true with regard to the integrity of files loaded from the boot media in sfs form. Not true for data downloaded from the internet - that data can be good or bad - your servant or your master. Better to sandbox that data with limited Spot permissions rather than full root permissions.

Very interesting read but I'm not sure that I completely understand some of the above comments.
Surely if Banksy is a read only system, how can any ransomware be written to any hdd's/usb drives even if they were mounted?

Surely if Banksy is a read only system, how can any ransomware be written to any hdd's/usb drives even if they were mounted?

Ransomware uses the normal writing functions that are inherent in any operating system (Linux or Windows). There is no realistic way to turn off the writing functions embedded in the operating system. The best you can do is reduce the amount of access the system has to overwrite your stored data.

If a user wants to protect their data from ransomware they must remove their storage media from their computer while browsing.

With regard to banksy's readonly capabilities - there are two main parts of banksy that are "read only" (in contrast to a normal puppy...)

1) The personalised settings are locked up in a readonly "sfs" file. This means that every boot loads your "pure" personalisations - unaffected by any changes or malware from your previous session. By contrast a normal puppy would remember the changes from your previous session and that could include malware or system file damage (permissions faults etc) that occurred during that previous session and got written to disk.

2) Banksy3 by default has a readonly version of the NTFS mounter (courtesy of rcrsn51's modification). This means that NTFS partitions are mounted readonly - but other partitions are mounted normally. The main value of mounting NTFS partitions as readonly is that this offers some protection for Windows partitions. I don't want new banksy users accidentally blowing away their Windows installations.

It is important to note that banksy does not remove any of the very powerful Linux utilities that we would frequently use to set up our systems - in particular "Gparted" which we normally use for preparing disks and partitions.

Amongst Puppy users there is also an increasing usage of the "dd" command for preparing disks for certain types of installs. Banksy still permits the use of the dd command to write to disks.

In addition to "dd" there are a host of other commands inherent in Linux that permit writing to storage media and partitions - these are all still active in banksy as they are part of the internal structure of Linux and its kernel. Ransomware uses these utilities to do its evil work.

There are some versions of Linux (eg Kiosk puppies as released by forum member shadowersc) which may have tighter controls over these commands - but banksy retains them. I am not trying to make a fully locked down puppy - I just want to assist the user to avoid common user mistakes that damage their system.

So to summarise - banksy is not fully readonly. Otherwise it would be a crippled system in my view. Banksy is designed to protect against inexperienced users mounting and inadvertently abusing their Windows partition and it also avoids the pitfalls of other puppies that allow session data to be permanently written into the next session. The "readonly" system files locked up in the personal sfs are a good protection against malware - but they do not remove the need for the end user to protect and back up their critical personal and business data.
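
An added example, not part of the original posts and not code from Banksy: a small audit that lists which attached partitions are mounted read-write and which device nodes the current user (root or spot) could open for writing even when unmounted, which is the distinction drawn above between the read-only NTFS mount and everything else. The device names and mount points in the sample are constructed.

```shell
#!/bin/sh
# Added example: audit how much attached storage the current session can write to.

# Constructed sample in /proc/mounts format:
#   device  mountpoint  fstype  options  dump  pass
# An NTFS partition mounted through ntfs-3g shows up with fstype "fuseblk".
sample_mounts() {
    cat <<'EOF'
tmpfs / tmpfs rw,relatime 0 0
/dev/loop0 /initrd/pup_ro2 squashfs ro,noatime 0 0
/dev/sda1 /mnt/sda1 fuseblk ro,relatime,user_id=0,group_id=0 0 0
/dev/sda2 /mnt/sda2 ext4 rw,relatime 0 0
/dev/sdb1 /mnt/sdb1 vfat rw,noatime,fmask=0022 0 0
EOF
}

# writable_mounts [FILE]
# Print "device mountpoint fstype" for every /dev-backed mount whose option
# list contains "rw". FILE defaults to /proc/mounts; "-" reads stdin.
writable_mounts() {
    awk '
        $1 ~ /^\/dev\// {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] == "rw") { print $1, $2, $3; break }
        }
    ' "${1:-/proc/mounts}"
}

# raw_writable PATH...
# Print each existing path the current user may open for writing. Run against
# device nodes this shows exposure that does not depend on mounting at all:
# as root every node is listed, as a limited user normally none are.
raw_writable() {
    for dev in "$@"; do
        if [ -e "$dev" ] && [ -w "$dev" ]; then
            echo "$dev"
        fi
    done
}

# report: run both checks against the live system.
report() {
    echo "user: $(id -un) (uid $(id -u))"
    echo "read-write mounts:"
    if [ -r /proc/mounts ]; then
        writable_mounts | sed 's/^/  /'
    fi
    echo "device nodes writable without mounting:"
    raw_writable /dev/sd?* /dev/mmcblk?* | sed 's/^/  /'
}

# Stand-alone run: the constructed sample first, then the live system.
echo "sample read-write mounts:"
sample_mounts | writable_mounts - | sed 's/^/  /'
report
```

Running it once from a root terminal and once under run-as-spot shows the difference in the second list.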

Just added a link in the second post on page one to a new version of Banksy called b3libre which contains LibreCad (which I use for all sorts of technical drawing) and LibreOffice, as well as having a printer installer for some Brother MFC models that are my favourite all-in-one printer/scanner. It also has both Firefox (an old stable version) and Google Chrome so it handles the modern internet well.

It also has the ability to capture all of your personalisations - so this gives you the ability to set your puppy up exactly as you want it and with a single click burn it to CD, DVD or personal sfs.
